How To Install Zimbra Collaboration Suite (ZCS) On Ubuntu
July 6, 2007 at 3:34 pm | Posted in Ubuntu, zimbra | Leave a commentHow To Install Zimbra Collaboration Suite (ZCS) On Ubuntu
Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 03/05/2007
This guide shows how to install the Zimbra Collaboration Suite (ZCS) on Ubuntu 6.10 (Edgy Eft) and 6.06 (Dapper Drake) server systems. Zimbra is a full-featured, open source collaboration suite – email, group calendaring, contacts, and web document management and authoring. It has a feature-rich AJAX web interface and is compatible with clients such as Microsoft Outlook, Apple Mail, and Novell Evolution so that mail, contacts, and calendar items can be synchronised from these to the ZCS server. It can also be synchronized to many mobile devices. ZCS makes use of many existing open source projects such as Postfix, MySQL, and OpenLDAP.
if (!window.netshel_ord) { netshel_ord=Math.random()*10000000000000000; } if (!window.netshel_tile) { netshel_tile=1; } document.write(”); netshel_tile++; I do not issue any guarantee that this will work for you!
1 Preliminary Note
Please download the Ubuntu 6.10 or 6.06 server CD from http://www.ubuntu.com/download and install a basic Ubuntu system with it. Don’t install/enable any services (e.g. like LAMP or DNS) – if you do, you’ll have to disable them later on as they might interfere with Zimbra!
After the installation of the base system, we’ll do some additional configuration, e.g. enable the root account, install an SSH daemon, apply a static IP address and a hostname to the system.
I will use the hostname mail.example.com in this tutorial together with the IP address 192.168.0.110. Adjust this to your needs, but make sure that mail.example.com has a valid MX record in DNS (Zimbra needs this!). I assume you want to create email accounts for example.com instead of mail.example.com, so you should have an MX record for example.com as well.
In this example the Zimbra server is in a local network (192.168.0.110 is a private IP address) behind a router, so make sure you use the router’s public IP address (1.2.3.4 in this example) in the DNS records – of course this IP address should be static. If you have a dynamic IP address, you could use a service such as DynDNS.org, but keep in mind that most public IP addresses are blacklisted nowadays.
So if you use BIND on the authoritative name server for example.com, you should have something like this in example.com‘s zone file:
[...]mail.example.com. A 1.2.3.4mail.example.com. MX 0 mail.example.com.example.com. MX 0 mail.example.com. [...]
If your Ubuntu server is behind router, make sure that you forward at least port 25 from your router to your Ubuntu server.
If your Ubuntu server is in a data center, it most likely has a static public IP address and a hostname, so you can skip chapter 1.3, but still you must make sure that this hostname has a valid MX record.
1.1 Enable The root Account
To enable the root account, run
sudo passwd root
and specify a password for root.
Afterwards, become root by running
su
All following commands in this tutorial are executed as root (unless something else is written)!
1.2 Install The SSH Daemon
Just run
apt-get install ssh openssh-server
to install the SSH daemon.
1.3 Apply A Static IP Address And Hostname
Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.110):
vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).# The loopback network interface
auto lo
iface lo inet loopback# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.110
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
Then restart your network:
/etc/init.d/networking restart
Then edit /etc/hosts. Make it look like this:
vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.110 mail.example.com mail# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Now run
echo mail.example.com > /etc/hostname
and reboot the system:
shutdown -r now
Afterwards, run
hostname
hostname -f
Both should show mail.example.com.
From now on you can use an SSH client such as PuTTY and connect from your workstation to your Ubuntu server and follow the remaining steps from this tutorial.
1.4 Disable The Ubuntu CD In /etc/apt/sources.list
I like to install all packages over the internet instead of from the Ubuntu CD, therefore I disable the Ubuntu CD in /etc/apt/sources.list now:
vi /etc/apt/sources.list
On Ubuntu 6.10 (“Edgy Eft”), comment out this line:
[...] #deb cdrom:[Ubuntu-Server 6.10 _Edgy Eft_ - Release i386 (20061025.1)]/ edgy main restricted [...]
On Ubuntu 6.06 (“Dapper Drake”), it’s this line:
[...] #deb cdrom:[Ubuntu-Server 6.06 _Dapper Drake_ - Release i386 (20060531)]/ dapper main restricted [...]
Then update the packages database by running
apt-get update
1.5 Disable Services
If this is no fresh system and you have some services already running (such as Postfix, Apache, OpenLDAP), you must disable them first before installing Zimbra. Otherwise Zimbra will fail to install.
For example, to disable Postfix on your system, run
/etc/init.d/postfix stop
update-rc.d -f postfix remove
The commands for the other services are similar.
2 Change The Default Shell (Ubuntu 6.10 Edgy Eft Only)
If you are on Ubuntu Edgy Eft, most probably /bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:
rm -f /bin/sh
ln -s /bin/bash /bin/sh
If you don’t do this, you will most likely get an error like this during the Zimbra installation:
Creating SSL certificate…Done
Initializing ldap…TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:352
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:354
TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib ssl_rsa.c:648
main: TLS init def ctx failed: -1
ERROR – failed to start slapd
FAILED (1)
On Ubuntu Dapper Drake, /bin/sh points to /bin/bash by default, so everything is ok.
3 Install Zimbra
First let’s install some prerequisites for Zimbra:
apt-get install curl fetchmail libpcre3 libgmp3c2 libexpat1 libxml2 libtie-ixhash-perl
Afterwards, go to http://www.zimbra.com/community/downloads.html and download the Ubuntu 6 (.tgz) package to /usr/src, for example like this:
cd /usr/src
wget http://kent.dl.sourceforge.net/sourceforge/zimbra/zcs-4.5.3_GA_733.UBUNTU6.tgz
(Replace the download URL with the one you get from SourceForge.)
if (!window.netshel_ord) { netshel_ord=Math.random()*10000000000000000; } if (!window.netshel_tile) { netshel_tile=1; } document.write(”); netshel_tile++; Afterwards, unpack the Zimbra .tgz file and start the installer:
tar xvfz zcs-4.5.3_GA_733.UBUNTU6.tgz
cd zcs/
./install.sh
The installer will ask a few questions. Answer them like this:
Operations logged to /tmp/install.log.4416
Checking for existing installation…
zimbra-ldap…NOT FOUND
zimbra-logger…NOT FOUND
zimbra-mta…NOT FOUND
zimbra-snmp…NOT FOUND
zimbra-store…NOT FOUND
zimbra-apache…NOT FOUND
zimbra-spell…NOT FOUND
zimbra-core…NOT FOUND
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. (“ZIMBRA”) WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/collaboration_suite_collective_license_1.0.html
Press Return to continue <– <ENTER>
Install zimbra-ldap [Y] <– <ENTER>
Install zimbra-logger [Y] <– <ENTER>
Install zimbra-mta [Y] <– <ENTER>
Install zimbra-snmp [Y] <– <ENTER>
Install zimbra-store [Y] <– <ENTER>
Install zimbra-spell [Y] <– <ENTER>
The system will be modified. Continue? [N] <– y
Main menu
1) Hostname: mail.example.com
2) Ldap master host: mail.example.com
3) Ldap port: 389
4) Ldap password: set
5) zimbra-ldap: Enabled
6) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@mail.example.com
******* +Admin Password UNSET
+Enable automated spam training: yes
+Spam training user: spam.tukjrdnaco@mail.example.com
+Non-spam(Ham) training user: ham.rg8fvq6cd4@mail.example.com
+Global Documents Account: wiki@mail.example.com
+SMTP host: mail.example.com
+Web server HTTP port: 80
+Web server HTTPS port: 443
+Web server mode: http
+Enable POP/IMAP proxy: no
+IMAP server port: 143
+IMAP server SSL port: 993
+POP server port: 110
+POP server SSL port: 995
+Use spell check server: yes
+Spell server URL: http://mail.example.com:7780/aspell.php
7) zimbra-mta: Enabled
8) zimbra-snmp: Enabled
9) zimbra-logger: Enabled
10) zimbra-spell: Enabled
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? – help) <– 6
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@mail.example.com
** 4) Admin Password UNSET
5) Enable automated spam training: yes
6) Spam training user: spam.tukjrdnaco@mail.example.com
7) Non-spam(Ham) training user: ham.rg8fvq6cd4@mail.example.com
8) Global Documents Account: wiki@mail.example.com
9) SMTP host: mail.example.com
10) Web server HTTP port: 80
11) Web server HTTPS port: 443
12) Web server mode: http
13) Enable POP/IMAP proxy: no
14) IMAP server port: 143
15) IMAP server SSL port: 993
16) POP server port: 110
17) POP server SSL port: 995
18) Use spell check server: yes
19) Spell server URL: http://mail.example.com:7780/aspell.php
Select, or ‘r’ for previous menu [r] <– 4
Password for admin@mail.example.com (min 6 characters): [8BD.yZtFh] <– [specify a password for the admin user, e.g. howtoforge]
Select, or ‘r’ for previous menu [r] <– <ENTER>
Main menu
1) Hostname: mail.example.com
2) Ldap master host: mail.example.com
3) Ldap port: 389
4) Ldap password: set
5) zimbra-ldap: Enabled
6) zimbra-store: Enabled
7) zimbra-mta: Enabled
8) zimbra-snmp: Enabled
9) zimbra-logger: Enabled
10) zimbra-spell: Enabled
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit
*** CONFIGURATION COMPLETE – press ‘a’ to apply
Select from menu, or press ‘a’ to apply config (? – help) <– a
Save configuration data to a file? [Yes] <– <ENTER>
Save config in file: [/opt/zimbra/config.5762] <– <ENTER>
Saving config in /opt/zimbra/config.5762…Done
The system will be modified – continue? [No] <– y
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Suite.
The only information that will be transmitted is:
The VERSION of zcs installed (4.5.3_GA_733_UBUNTU6)
The ADMIN EMAIL ADDRESS created (admin@mail.example.com)
Notify Zimbra of your installation? [Yes] <– [if you want to notify Zimbra of your installation, type y, otherwise n]
Configuration complete – press return to exit <– <ENTER>
That’s it already. To test if all Zimbra services are running, become the zimbra user:
su – zimbra
and run
zmcontrol status
The output should look like this:
zimbra@mail:~$ zmcontrol status
Host mail.example.com
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
mta Running
snmp Running
spell Running
If not all services are started, run
zmcontrol start
Type
exit
to become root again.
4 The Zimbra Web Interface
Zimbra comes with a web interface for the administrator (https://mail.example.com:7071/zimbraAdmin) and normal users (http://mail.example.com). I’m going to show some basic screenshots here, but no help on how to use Zimbra. To learn how to use Zimbra, please refer to http://www.zimbra.com/community/documentation.html and http://wiki.zimbra.com.
4.1 The Administration Console
You can now open a browser and open the Zimbra Administrator web interface. The URL is https://mail.example.com:7071/zimbraAdmin. Log in with the username admin and the password you specified during the Zimbra installation:
This is how the admin panel looks like:
You can find all pre-configured email addresses under Accounts:
If you want to add a new domain (e.g. example.com because you want email addresses of the form user@example.com instead of user@mail.example.com), click on Domains and then on New:
Create example.com:
Afterwards, example.com is listed in the domains list:
To create a new user, go to Accounts and click on New:
Follow the wizard to create a new email account. Take care that you select the right domain (example.com vs. mail.example.com):
Afterwards, mark the new account in the accounts list and click on Edit:
Specify a password for the new account on the General Information tab and click on Save:
4.2 The User Webinterface
Now that you’ve created a normal user account, you can log out of the admin panel and go to http://mail.example.com. Log in with the email address and the password of the new account:
This is how the user webinterface looks like. You have tabs to manage your emails, address book, calendar, documents, etc.
5 Uninstall Zimbra
If you want to uninstall Zimbra, do it like this:
Go the the Zimbra installation directory (I hope you didn’t delete it):
cd /usr/src/zcs
Then run
./install.sh -u
and delete the Zimbra installation directory afterwards:
cd /usr/src
rm -rf zcs
6 Links
- Zimbra: http://www.zimbra.com
- Zimbra Documentation: http://www.zimbra.com/community/documentation.html
- Zimbra Wiki: http://wiki.zimbra.com
- Ubuntu: http://www.ubuntu.com
- http://www.howtoforge.com/installing_zimbra_collaboration_suite_on_ubuntu_p3
How To Utilize Your New Multimedia Keyboard Under Linux
July 6, 2007 at 2:15 pm | Posted in keyboard, Linux, xbindkeys | 1 CommentOverview:
Xbindkeys is a program that allows you to launch shell commands with your keyboard or your mouse under X Window. It links commands to keys or mouse buttons, using its configuration file. It does not depend on the window manager and can capture all keyboard keys.
Prerequisites:
- a keyboard with special/multimedia buttons
- xbindkeys
- working X Window, doesn’t matter if it is KDE, Gnome or any other
Links:
http://hocwp.free.fr/xbindkeys/xbindkeys.html
Installation
Now you are familiar with the scope of this tuto, so let’s start! First of all xbindkeys can be obtained from two sources:
- If you are on a Debian-based system you can use apt-get to install it. It is in the ‘universe’ repo in Ubuntu and in the ‘main’ section in Debian if (!window.netshel_ord) { netshel_ord=Math.random()*10000000000000000; } if (!window.netshel_tile) { netshel_tile=1; } document.write(”); netshel_tile++;
apt-get install xbindkeys
(can be done as root or with sudo)
- You can download the latest source from here:
After that go to the directory where you downloaded the source and unpack it with tar:
cd your_download_dir
Uncompress the source (1.x.x – refers for your version):
tar xzvf xbindkeys-1.x.x.tar.gz
Change to the new directory (created by tar):
cd xbindkeys-1.x.x
Install the program (as root):
su root
make install
Configuration
The program is configured by the use of a file, .xbindkeysrc in your home directory. It is recommended to use the default configuration and then you can edit it according to your needs.
xbindkeys –defaults > $HOME/.xbindkeysrc
If you open the file with a text-editor you can see its structure:
# Next Track – Alt + Up
“xmms –fwd”
m:0x8 + c:98
# Previous Track – Alt + Down
“xmms –rew”
m:0x8 + c:104
It is pretty obvious, it has the command to be executed enclosed in quote characters, then a line after the keyboard codes which will cause that command to be executed. The line starts with hashmark (#) is for comment, recommended strongly. To find out the keycode you can do with:
xbindkeys -mk
This will pop up a window and show the keycodes when you hit keys. To quit when you done with your buttons press “q”.
You can check your current keys and commands with:
xbindkeys –show
Once you have setup your .xbindkeysrc you can start the program by running:
xbindkeys &
This runs the command in the background causing to listen for keyboard events and execute the commands it knows about when finds a combination listed in its config file. To start xbindkeys when you login:
the best way to do this, as long as you’re logging in via KDM or GDM, is to put xbindkeys in your ~/.bashrc file.
NOTE:
You can use xbindkeys-config, a GUI utility for editing your .xbindkeysrc. It can be installed with apt-get. Please note, create the config file with
xbindkeys –defaults > $HOME/.xbindkeysrc
before using the graphical application otherwise it will crash on saving.
Now, you are done. You can start using your extra buttons without installing any special driver!
HowTo: Install Alfresco on Linux (Sharepoint Alternative)
July 5, 2007 at 8:29 pm | Posted in Alfresco, Linux | 6 CommentsAlfresco is the leading open source alternative for enterprise content management. The open source model allows Alfresco to use best-of-breed open source technologies and contributions from the open source community to get higher quality software produced more quickly at much lower cost. Our goal is to not only provide an open source offering but to surpass commercial offerings in terms of features, functionality and benefits to the user community. Alfresco is built by a team of leading members from Documentum® and Interwoven® with 15 years experience in Enterprise Content Management (ECM), including the co-founder of Documentum.
- Enterprise Content Management (ECM)
- Document Management
- Collaboration
- Records Management
- Knowledge Management
- Web Content Management
- Imaging
Alfresco provides a nice package that includes all of the programs you need for using Alfresco on your Linux machine. To download it, visit http://dev.alfresco.com/downloads/ and select the release you want. You will be redirected to the Source Forge download page.
Select the alfresco-<version->linux-community.bin version of the file.
This contains MySQL, Java (JRE), Tomcat and Open Office.
To install simply execute this file. To do so, the following steps will be necessary:
- Change the permissions on the download so that it can be executed
chmod a+x ./alfresco-<version->linux-community.bin
- (Optional) Become root to execute the installer
su (or sudo -s on some platforms that have the super user account disabled by default)
- Execute the installer
./alfresco-<version->linux-community.bin
Follow the instructions presented by the installer.
You will be asked for a location to install the software. If you skipped the “become root” step above, your home folder is selected by default. If you intend for Alfresco to be run by other users, or start on startup you should change this to a different location. Exit the installer and become root. If you are root, the default of /opt/alfresco-<version> will be selected. If you want to change it, /usr/local/alfresco-<version> will often be another good choice.
You will be asked to provide an initial password for the MySQL database.
You will be prompted for a MySQL port. If you already have a MySQL server on your machine you will need to change this. The quick installer cannot use a pre-existing MySQL installation. Linux Change Database Config has information on how you can change the database once Alfresco has been installed.
You will be asked for the name of the local domain. If your Linux machine is on a Windows Active Directory network, change this to be your local domain. Otherwise, the default of WORKGROUP will normally be fine.
Press “y” and your computer will begin installing Alfresco.
Decide if you want to view the Readme
Press “y” to start Alfresco.
Job done! Wait a few seconds to allow Tomcat to start and fire up your favourite web browser and browse to http://127.0.0.1:8080/alfresco. The first time you use Alfresco, your username will be admin and your password will be admin.
If you receive an error about OpenOffice being unable to open the display:
- Stop Alfresco by running <install location>/bin/alfrescoctl.sh stop
- Follow these instructions to register OpenOffice and create a virtual XWindows environment for OpenOffice to run in
- Start Alfresco by running <install location>/bin/alfrescoctl.sh start
Howto Convert a .nrg (Nero) file to a .iso file in Ubuntu
July 5, 2007 at 3:49 pm | Posted in Nero, Ubuntu | Leave a commentIf you want to convert .nrg file to .iso file you can use nrg2iso tool to create this. nrg2iso is a program that extracts ISO9660 data from Nero “.nrg” CD-ROM image files.Install nrg2iso in Ubuntu
sudo apt-get install nrg2iso
Using nrg2iso
Usage
nrg2iso [nrg-file] [iso-file]
Example
nrg2iso image.nrg image.iso
Now you can burn your iso with your preferred linux burning app.
Speed up dynamic linking Using Prelink in Ubuntu
July 5, 2007 at 3:49 pm | Posted in prelink, Ubuntu | Leave a commentLF prelinking utility to speed up dynamic linking.The prelink package contains a utility which modifies ELF shared libraries and executables, so that far fewer relocations need to be resolved at runtime and thus programs come up faster.Install Prelink in Ubuntu
First you need to make sure you have enables Universe repositories in /etc/apt/sources.list file and you need to update source list using the following command
sudo apt-get update
Install prelink using the following command
sudo apt-get install prelink
This will complete the installation
Configuring Prelink
You need to edit the /etc/default/prelink file with your favorite editor, as sudo/root
sudo vi /etc/default/prelink
Near the top of the file chnage the following line
PRELINKING=unknown
to
PRELINKING=yes
Adjust the other options if you know what the you’re doing.Defaults work well Save and exit the file.
To start the first prelink it will take long time using the following command
sudo /etc/cron.daily/prelink
In the future, prelink performs a quick prelink (a less-than-1-minute procedure on most systems) daily, usually at midnight. Every 14 days, or whatever you changed it to be, a full prelink will run.
If you just did a major apt-get upgrade that changed systemwide libraries (i.e. libc6, glibc, major gnome/X libs, etc etc etc) and experience cryptic errors about libs, run the following command again
sudo /etc/cron.daily/prelink
To undo prelink,
You need to edit the /etc/default/prelink file with your favorite editor, as sudo/root
sudo vi /etc/default/prelink
Near the top of the file chnage the following line
PRELINKING=yes
to
PRELINKING=no
Save and exit the file and rerun the following command
sudo /etc/cron.daily/prelink
Scanning for rootkits with chkrootkit
July 5, 2007 at 2:46 pm | Posted in chkrootkit, Linux | Leave a commentPlease See :Scanning for rootkits with chkrootkit
How do I password-protect my website using .htaccess?
July 5, 2007 at 2:39 pm | Posted in .htaccess, .htpasswd, apache | 2 CommentsHtaccess can be used to password-protect directories on your web site. All files and any subdirectories within a directory protected by htaccess will also be protected. So, if you wish to protect your entire web site, simply setup htaccess in your public_html directory (the root of your web site). However, if you only wish to protect certain directories, you may do so separately.
1. Change to the directory that you wish to protect
In the following example we wish to protect a directory called private in our public_html directory.
torch: ~$ cd public_html/private torch: ~/public_html/private$
You also need to know the fully qualified path of the directory you wish to protect. So, from this directory, type pwd and remember the fully qualified path (you will need it in step 4).
torch: ~/public_html/private$ pwd /users/cs/johndoe/public_html/private torch: ~/public_html/private$
In the above example, the fully qualified path is /users/cs/johndoe/public_html/private.
The remaining steps in this guide assume we are still in this directory.
2. Create a file named .htaccess
Use your favourite editor to create a file called .htaccess (note the period at the beginning of the filename). In the below example we will use pico.
torch: ~/public_html/private$ pico .htaccess
3. Add the appropriate lines to the .htaccess file.
Using the editor you chose in step 2, input the following. You will need to modify the first 2 lines to match your configuration (see modifications below).
AuthUserFile /users/cs/johndoe/public_html/private/.htpasswd AuthName "Title for Protected Site" AuthType Basic Require valid-user
Modifications:
- Beside AuthUserFile, put the fully qualified path you obtained in Step 1, with /.htpasswd immediately following it. The above example shows /users/cs/johndoe/public_html/private/.htpasswd
- Beside AuthName, input the words or phrase that you wish to appear as the title for the username/password input box.
4. Create the .htpasswd file by adding usersNext use the htpasswd command to create your password file and username/password pairs:
torch: ~/public_html/private$ htpasswd -c .htpasswd bob New password: Re-type new password: Adding password for user bob torch: ~/public_html/private$
This creates the .htpasswd file and the username bob. You will then be prompted for a password for bob, which will be stored in the .htpasswd file (note that it will be encrypted in this file for security).
So, to create new users and change the password for existing users, switch to the protected directory you wish to add a user for, and type htpasswd -c .htpasswd username
torch: ~$ cd public_html/private torch: ~/public_html/private$ htpasswd -c .htpasswd username
5. Set the permissions on your .htaccess and .htpasswd file
Finally, from within your protected directory, make both the .htaccess and .htpasswd files world-readable. You can do this with the command chmod a+r .htaccess .htpasswd.
torch: ~/public_html/private$ ls -al total 10 drwxr-xr-x 2 johndoe csugrad 512 Jan 7 14:30 . drwxr-xr-x 8 johndoe csugrad 512 Jan 7 11:50 .. -rw------- 1 johndoe csugrad 156 Jan 7 12:05 .htaccess -rw------- 1 johndoe csugrad 18 Jan 7 11:59 .htpasswd torch: ~/public_html/private$ chmod a+r .htaccess .htpasswd torch: ~/public_html/private$ ls -al drwxr-xr-x 2 johndoe csugrad 512 Jan 7 14:30 . drwxr-xr-x 8 johndoe csugrad 512 Jan 7 11:50 .. -rw-r--r-- 1 johndoe csugrad 156 Jan 7 12:05 .htaccess -rw-r--r-- 1 johndoe csugrad 18 Jan 7 11:59 .htpasswd torch: ~/public_html/private$
Above we can see that the permissions on .htaccess and .htpasswd change from -rw——- to -rw-r–r–.
All done!
Now, anytime you attempt to view your protected directory, any file within it, or recursively any subdirectory of it, you will be prompted for a username and password. Please refer back to Step 4 if you wish to add more users or change a user’s password.
Troubleshooting / Common Problems
Below are the most common problems experienced by users attempting to setup htaccess.
- Permissions on both .htaccess and .htpasswd – Both the .htaccess and .htpasswd files need to be world readable. Please refer to Step 5 to ensure this has been done properly.
- Fully qualified path to .htpasswd incorrect – The correct fully qualified path to a valid .htpasswd file must appear beside AuthUserFile in the .htaccess file. Please refer to Step 3 and verify this is correct.
- The username doesn’t exist in .htpasswd – When attempting to login as a user, they need to have been correctly added to the .htpasswd file using the htpasswd command. Please refer to Step 4 to double-check.
How do I remove htaccess protection?
To remove htaccess protection, simply delete or rename the .htaccess file in the directory you wish to remove protection from. The below example shows how to rename .htaccess to .htaccess-old.
torch: ~/public_html/private$ mv .htaccess .htaccess-old
Security Concerns
Should I be using .htaccess to protect highly sensitive data?
If you decide to protect something using .htaccess, be sure to understand one thing: the protection of your data relies upon the web server configuration. This means if the configuration changes, it might be possible for someone to retreive your data. As a general rule, it’s bad practice to place anything highly confidential or critical on a web server, period. There are numerous other options for storing and accessing sensitive data. Always remember, the web was originally designed for public access, and so access control is really an addition.
Username/Password Transmission
If the page you are protecting is http and not secure http, then your username and password will be sent across the network in plain text. A secure http address is always prefixed with https:// instead of http://. If you are accessing any site through http://, you should be aware that it is possible for someone to capture your traffic and extract your password. A good guideline to follow is ensuring that all htaccess passwords do not correspond with any other passwords. Do not forget that you are solely responsible for keeping your password private.
Note
If you’re looking to implement this on your own web server, then you should bypass htaccess altogether and simply enter the commands into the httpd.conf (apache configuration) file and specify which directories to which this should apply. The commands that are valid within htaccess are also valid in your apache configuration file. Putting it in the apache configuration helps to speed things up and simplifies web server management.
How to Share files with vsftpd ftp server on Linux
July 5, 2007 at 2:38 pm | Posted in ftp, Linux, vsftpd | 1 CommentVsftpd is the most easy ftp server to setup.
Installing vsftpd:
On Ubuntu: sudo apt-get install vsftpd
On Fedora: (as root) yum install vsftpd
The configuration file for vsftpd is located in /etc/vsftpd.conf. The default configuration is a little bit paranoid, not so usable for file sharing. So use this configuration instead:
# Put in /etc/vsftpd.conf
# Don’t forget to change samurai into your local username
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=samurai
ftpd_banner=Welcome to blah FTP service.
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
anon_root=/home/ftp
Don’t forget to backup before you use this configuration.
sudo cp /etc/vsftpd.conf /root/
Now we must make writable directory for anonymous user.
cd /home/ftp
sudo mkdir opendir
sudo chmod 777 opendir/
Ok, I explain this. In my local system, I have user named ‘samurai’. With this configuration, I can log into ftp server with local user, that is ‘samurai’. ‘samurai’ can go anywhere, create files, delete files, etc as long as he has sufficient permission.
With this configuration I can log into ftp server with anonymous user ( without username and password ). After logging in, the anonymous user jailed in /home/ftp directory ( pointed by anon_root ). I can’t go outside. I can download files from /home/ftp directory but not create, delete anything from this directory. But I can write and delete files in opendir. If I write files in opendir or upload files in opendir, the files automatically belong to ‘samurai’ user.
To run this server:
sudo /etc/init.d/vsftpd start
To stop it:
sudo /etc/init.d/vsftpd stop
To restart it:
sudo /etc/init.d/vsftpd restart
Now it is usable for file sharing
How to use Amarok to manage your iPod in Linux
July 5, 2007 at 12:39 pm | Posted in amarok, iPod, Linux | Leave a commentThis tutorial will take you through the steps to use Amarok as your iPod manager.
- When you plug your iPod into your computer, Rhythmbox will launch by default. Close it down, and open Amarok. Select Settings from the top menu and then Configure Amarok… from the drop-down list.
Select Media Devices from the left column. In the Media Devices: section select Apple iPod Media Device from the Plugin: drop-down. Click Apply and then OK.
Back in Amarok click the Devices tab from the left column (if it isn’t already displayed).
To add files to your iPod, drag some from your collection to the iPod list. They’ll appear in a Transfer Queue window.
Click the Transfer button from the top menu and the files will be loaded onto your iPod.
10 minutes to run every Windows app on your Ubuntu desktop
July 5, 2007 at 4:03 am | Posted in Ubuntu, Windows | Leave a comment
This simple guide will bring up the Windows start menu inside GNOME and allow you to run, use and install any Windows app (that can run in a VM) inside your existing desktop. It takes about 10 minutes to setup, minus the time to install Windows, and involves one command in total.
Update: If you’ve been having trouble getting this working, make sure they key is correct – our fixed width site layout chopped the last part of the registry key earlier. Note this requires Windows XP Pro. XP home won’t do.
This is a newer version of a rather popular article I wrote a while ago. This updated version is a lot simpler and allows multiple apps to be run.
Click System → Administration → Synaptic Package Manager. Install the vmware-server and rdesktop packages
Click Applications → System Tools → VMware Server Console
When VMware Server Console starts, click Connect to attach to your local machine. Then Create a New Virtual Machine. Use all the defaults, but pick NAT networking. Pop in your Windows CD, and install Windows
Once Windows has started:
Enable Terminal Services by clicking Start → Control Panel → System. Click the Remote tab, and enable Allow users to connect remotely to this computer
Turn off the desktop for the user you’ll use to run your Windows apps, by clicking Start → Run typing regedit and selecting HKEY_CURRENT_USER/Software/Microsoft/Windows/ CurrentVersion/Policies/Explorer. Create a DWORD called NoDesktop set to 1.
Note the IP address of Windows. Clicking Start → Connect to → Show All Connections. Select the Local Area Connection and hit the Support tab
Download SeamlessRDP, then extract it to C:\seamlessrdp
Log out of Windows, and close VMware Server Console (leave the VM running)
Back in Ubuntu, open a Terminal, and run:
rdesktop -A -s ‘c:\seamlessrdp\seamlessrdpshell.exe c:\windows\explorer.exe’ IPAddress -u user -p password
substituting the IP address you noted earlier.
The top of the Windows taskbar should appear above your GNOME panel on the bottom of the screen. Right click it, select Properties, and disable Lock the Taskbar. Then drag the taskbar to the left hand side of your screen.
That’s it. You can now run launch any Windows app you want from your VM (and install more if you need them). They’ll appear on the GNOME desktop, and you can switch between them from the panel.
Blog at WordPress.com.
Entries and comments feeds.
element14 